Wireguard fails to receive packages

Hello guys.
I'm trying to set up wiregurd, I've watched several videos, but still it's not working. It sends packages, but it doesn't receive them. Here is the contents of my /etc/config/network and /etc/config/firewall

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'xxxx:xxxx:xxxx::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list dns '192.168.1.1'

config device
        option name 'wan'
        option macaddr 'xxxxxxxxxxxxxxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'
        option metric '20'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'
        option defaultroute '0'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option listen_port '51820'
        list addresses 'xx.xx.xx.xxx/32'
        list dns '1.0.0.1'
        list dns '1.1.1.1'
        option metric '10'
        option force_link '1'

config wireguard_wg0
        option description 'Sirius'
        option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        list allowed_ips '0.0.0.0/0'
        option route_allowed_ips '1'
        option endpoint_host 'xxxx.xxxxx.xxx'
        option endpoint_port 'xxxxx'
        option persistent_keepalive '20'

config device
        option name 'wg0'

/etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'wg0'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'vpn'

config nat
        option name 'Sirius'
        list proto 'all'
        option src 'wan'
        option target 'MASQUERADE'

First check if you have internet access without the VPN.

Chances are your keys are wrong, check the wireguard config e.g. with your phone on cellular to see if the config is OK.

A few things you should remove:
Remove the gateway and DNS, DNS should be set on the WAN:

Remove:

and remove:

I would not work with metrics but that is personal

Reboot and test again.

For a how to setup a WireGuard client see: WireGuard Client Setup guide
But it looks OK at first glance

There is internet without VPN. But when I turn the VPN on the connection gets lots. I can't remove the lines you've shown to me, because this router connects to the internet via another router. That's why I need it's IP as a gateway and as a DNS server. And how do I check this VPN on my phone? Do I need to install the application Wireguard and scan a qr code from my computer with it?

You really should remove those lines, the gateway will be automatically set from the wan.

DNS should also be set on the WAN you can add 192.168.1.1 as DNS server on the wan if you want.

Reboot and test again although I do not think these are the show stoppers.

About your phone download the WireGuard app and import the config file the same way you have done on your router or if you have the QR code you can scan it

I tried to do that. My phone doesn't connect with this VPN neither. I even got one more VPN service just for test. It doesn't work.

Make sure your phone is on cellular when testing but if it does not work then the config and or keys are wrong.

This is something you have to take up with your VPN provider.

You can always use a ProtonVPN free account as described in my guide

It doesn't work on cellular network. Please, give me a link to your guide.

I repeatedly provided a link to it also in the former threads, see a few post above

You mean a PDF file?

Exactly, you can also find it on my github:

This is router number 2 in my home networtk. It is connected to another router LAN-WAN and uses it as a gateway. My first router has IP 192.168.1.1 and my second router has IP 192.168.2.1. And I have two DHCP servers. Can it be the cause of the problem, how do you think?

No that is not related assuming you have reset to defaults and only changed the default LAN ip from 192.168.1.1 to 192.168.2.1
Then it is just a regular router on which you can setup WireGuard etc.

When I try to establish connection with my Android phone I get "Bad address" error. Perhaps this will help. What does it mean?

This is my config

[Interface]
PrivateKey = xxxxxxxxxxxxxxxxxxx
Address = 10.66.72.176/32
DNS = 1.1.1.1,1.0.0.1

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxx
PresharedKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = ruwg.lapti.win:10700
AllowedIPs = 0.0.0.0/0

Are you still getting a bad address with the config you just shared? That resolves to a normal IP address when I do a simple lookup.

What do you mean? I don't understand.

Not sure what is not clear...

You stated that you were getting this error before... is it still happening?

In other words, I did nslookup ruwg.lapti.win and it returned a valid IP address.

I think the problem is in this address

Address = 10.66.72.176/32

That is the address your VPN provider (= VPN server) has reserved for your peer.

Your VPN provider will hand out this config to you

The only thing you have to take care of is that your routers (or phones) network is not overlapping with the WG network but as your router is 192.168.2.1 that is not the case

I've just installed the Wireguard app for windows and added the conf file. It works. I don't know what to do.